StarlingX

Bug #1815795
Comment #6

Comment 6 for bug 1815795

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-02-21: Fix merged to stx-config (f/stein)

Reviewed: https://review.openstack.org/638513
Committed: https://git.openstack.org/cgit/openstack/stx-config/commit/?id=160ec4eca9b999c7dfc1c0a60d40c41998d1e9ed
Submitter: Zuul
Branch: f/stein

commit 52a829d1803056da8222f30dcc002c39c86c6f54
Author: Matt Peters <email address hidden>
Date: Thu Feb 21 11:20:15 2019 -0500

Temporarily disable iptables restore during puppet

    Docker and kubernetes add rules to iptables, which can end up
    persisted in /etc/sysconfig/iptables by calls to iptables-save.
    When the puppet manifest is applied during node initialization,
    kubernetes is not yet running, and any related iptables rules
    will fail.

    This update disables the restoration of iptables rules from
    previous boots, to ensure the puppet manifest does not fail
    to apply due to invalid rules. However, this means that in
    a DOR scenario (Dead Office Recovery, where both controllers
    will be intializing at the same time), the firewall rules
    will not get reapplied.

Firewall management will be moved to Calico under story 2005066,
at which point this code will be removed.

    Change-Id: I43369dba34e6859088af3794de25a68571c7154c
    Closes-Bug: 1815124
    Signed-off-by: Don Penney <email address hidden>

commit cba2b66e9b27efc077b89fb5e661b8dffc890fd8
Author: Erich Cordoba <email address hidden>
Date: Thu Feb 21 11:21:28 2019 -0600

Move DNS requirement into kubernetes::master

This was causing a failure in computes unlock process where the
Platform::Dns class cannot be found.

    Closes-bug: 1817126
    Change-Id: I0a9e9b60580944a49b9672803fc05216f204b222
    Signed-off-by: Erich Cordoba <email address hidden>

commit 4b35404d6a03c4bfe6ea12e176d8624710a10b2c
Author: Don Penney <email address hidden>
Date: Thu Feb 21 11:33:30 2019 -0500

Ignore error on k8s taint removal from puppet

    There are cases where the kubernetes taint is not present on,
    or has already been removed from, a newly configured standby
    controller. This causes the taint removal command run by the
    puppet manifest to fail. This failure can be safely ignored,
    so the command is updated by this commit to always return
    success.

    Change-Id: Icdb55738e052c65a28e44582e345038b0de83c37
    Closes-Bug: 1815795
    Signed-off-by: Don Penney <email address hidden>

Reviewed:  https://review.openstack.org/638513
Committed: https://git.openstack.org/cgit/openstack/stx-config/commit/?id=160ec4eca9b999c7dfc1c0a60d40c41998d1e9ed
Submitter: Zuul
Branch:    f/stein

commit 52a829d1803056da8222f30dcc002c39c86c6f54
Author: Matt Peters <matt.peters@windriver.com>
Date:   Thu Feb 21 11:20:15 2019 -0500

Temporarily disable iptables restore during puppet
    
    Docker and kubernetes add rules to iptables, which can end up
    persisted in /etc/sysconfig/iptables by calls to iptables-save.
    When the puppet manifest is applied during node initialization,
    kubernetes is not yet running, and any related iptables rules
    will fail.
    
    This update disables the restoration of iptables rules from
    previous boots, to ensure the puppet manifest does not fail
    to apply due to invalid rules. However, this means that in
    a DOR scenario (Dead Office Recovery, where both controllers
    will be intializing at the same time), the firewall rules
    will not get reapplied.
    
    Firewall management will be moved to Calico under story 2005066,
    at which point this code will be removed.
    
    Change-Id: I43369dba34e6859088af3794de25a68571c7154c
    Closes-Bug: 1815124
    Signed-off-by: Don Penney <don.penney@windriver.com>

commit cba2b66e9b27efc077b89fb5e661b8dffc890fd8
Author: Erich Cordoba <erich.cordoba.malibran@intel.com>
Date:   Thu Feb 21 11:21:28 2019 -0600

Move DNS requirement into kubernetes::master
    
    This was causing a failure in computes unlock process where the
    Platform::Dns class cannot be found.
    
    Closes-bug: 1817126
    Change-Id: I0a9e9b60580944a49b9672803fc05216f204b222
    Signed-off-by: Erich Cordoba <erich.cordoba.malibran@intel.com>

commit 4b35404d6a03c4bfe6ea12e176d8624710a10b2c
Author: Don Penney <don.penney@windriver.com>
Date:   Thu Feb 21 11:33:30 2019 -0500

Ignore error on k8s taint removal from puppet
    
    There are cases where the kubernetes taint is not present on,
    or has already been removed from, a newly configured standby
    controller. This causes the taint removal command run by the
    puppet manifest to fail. This failure can be safely ignored,
    so the command is updated by this commit to always return
    success.
    
    Change-Id: Icdb55738e052c65a28e44582e345038b0de83c37
    Closes-Bug: 1815795
    Signed-off-by: Don Penney <don.penney@windriver.com>